I need to be able to use PUT to copy encrypted files to an internal stage. I don't know of a way to provide any kind of encryption key as an argument to decrypt the file before copying, though. Is this possible to do? If it isn't, could this be added as a feature?
This actually is the automatic encryption used each time you upload a staged file to Snowflake Internal Stage:
Data Encryption
Depending on where you will be staging your files, client-side encryption, ingestion encryption, and tri-secret secure, customer managed keys are all options.
For example, if you were using Amazon S3, you can create an encrypted stage: https://docs.snowflake.net/manuals/user-guide/security-encryption.html#ingesting-client-side-encrypted-data-into-snowflake
There is also an enterprise feature for rotating keys called Periodic rekeying: https://docs.snowflake.net/manuals/user-guide/security-encryption.html#periodic-rekeying
I hope these resources help you get started.
Related
I'm currently working on a password managing application in Meteor React and can't seem to find a way to encrypt and decrypt data on the client, with MmongoDB storing the encrypted data.
To add a little background to the task and specify what I am trying to do:
This whole application is for one single company and users are the employees only. The passwords, along with username info and some other attributes are stored in folders and users get view and edit rights to data within the folder. Passwords (along with additional info) need to be encrypted, but multiple users need to be able to access them based on the rights given to them. So when the data is encrypted, say when a person creates a password, other users with the rights to do so need to be able to decrypt this data as well. However, the decryption needs to happen on client and the server can only ever access the encrypted data.
I have tried using planifica:encryption, because it has exactly what we need for our project, but I ran into some errors and I can't get past them nor find any article about them. I have heard of Mylar in some answers to similar questions, but both Mylar and Planifica don't seem to have been updated for a few years now. I know Node.js has a crypto module, but I am not sure whether it could be used to share encrypted data among users and most importantly, how to do so.
Is there any way to do what we need for this project? I should also point out that I am relatively new to meteor and I have not dealt with encryption whatsoever, so my understanding is rather limited.
Thank you for reading!
This very much depends on the encryption you are using, but since you are interested in decrypting things client-side, it sounds like what you are looking for is the SubtleCrypto web api.
That should be all you need on top of what Meteor already provides. You should be able to use a regular meteor collection and publication to share the encrypted data with your clients, and then let them decrypt it using the above linked decrypt function. One question I'd have is how you will be able to get the decryption key to your clients while hiding it from the server, but I assume you've got that part figured out somehow.
Is there a decent database for nodejs that is able to be embeded & encrypted so that if someone does get that file of data, a password also has to be known ?
I am coming up short & though things like nosql, nedb, etc. exists, none of them see to be able to handle encryption of said data.
sqlcipher can be built for mapbox/sqlite3
Also, using encryption with nedb is really easy, you just create a crypto cipher and perform the operation in and out. See this example from bitcrypt
You'd basically do the same thing as cipherHelper and decipherHelper, but you'd put them in the afterSerialization and beforeDeserialization callbacks.
I successfully managed to create a SQLite3 DB with Perl using Perl::DBI module.
I was wondering if there was a way to add encryption to the database to my existing Perl code ?
I read thoroughly the 2 following links :
Password Protect a SQLite DB. Is it possible?
SQLite with encryption/password protection
but the provided examples seem only to include proprietary software or C# code (especially this bit here https://stackoverflow.com/a/24349415/3186538).
Thanks in advance.
Well, you could run your data through any of the Crypt::* modules (::DES, ::Blowfish, ::IDEA, etc, in conjunction with ::CBC), then possibly encode it with base64 to get text, before writing it to the DB. And, of course, reverse the operation when reading. You could even create a Perl::DBICrypt module that sat above Perl::DBI and did this automagically.
However, it depends pretty much on how you're going to use it. If you're just worried about someone stealing and using your data, the encryption would be feasible since, without the key, it would be useless.
On the other hand, if you're trying to protect data in a system you distribute, then the key will be available to the attacker (since, without it, your code won't work). So encrypting in that case would be a minor inconvenience at best.
It's something that could only really work if you kept the key away from the attacker (such as if the Perl code runs in an app server controlled by you).
Basically any solution that decrypts data on a box accessible to an attacker will be vulnerable.
For Windows.Forms, I have an application that needs to get a unique install id for each install from my server, and then persist this data so once registered, the install ID is included on all communications back to the server. The application is in occasional contact with the server.
How can I persist this data on the client in a way that is not easily tampered with?
First, you should note that if the data is on the local file system and your application can read and write it, it will always be possible for a determined user to tamper with it... perhaps not easy, but possible nonetheless.
That said, there are a number of options you could consider, including (but not limited to) :
encrypting the data with a key defined in your assembly : pretty safe is the user has no programming skills, but an advanced user could disassemble your app to find the key. Obfuscation could make it harder to extract the key, but not impossible.
using an isolated storage : I'm not sure whether the data is encrypted or not, but at least it's not easily found, hidden in a deep folder hierarchy... Not so safe is the user knows where to look, however
writing the data in a binary format, which makes it harder to read or modify for a non expert user
using a piece of native code to encrypt the data : similar to the first option, but a native DLL is harder to disassemble than a .NET assembly, so it requires more skills to find the key
Again, all these approches are not bulletproof : as long as your program can access the data, an advanced user could always reverse engineer it and do the same...
You could save the data in the windows registry. You'll use the [HKCU\Software\YourAppName] hive key if it's a per-user setting, or [HKLM\Software\YourCompany] if it's a global setting. However, the data would need to be encrypted, because its trivila to get the values in these keys
Application: Building a small application for maintaining schedules of activity. It queries a MSSQL database. Storage for schedules is written to the MSSQL DB as well.
I've reviewed a large number of posts on stack overflow as well as googled extensively on securing the database.yml file. Maybe it's just me but I'm left with some major questions still.
1) Why exactly is storing my password in plain text in database.yml insecure? Is it because that method of storing password information is insecure in itself? Or is it because when publishing to a git repository you may inadvertently publish your database passwords in plain text?
2) If storing passwords in plain text under root/config/database.yml is insecure, why do I see a number of references to creating another yml file in the same directory to store the password? I see that some people are setting up a config.yml and creating global variables that can be used in database.yml. If this is more secure, why?
http://railscasts.com/episodes/85-yaml-configuration-file
My gut feeling is I'm missing some important knowledge on how to properly secure my database credentials. I'm really looking for an exhaustive explanation on what needs to be done to secure my credentials for sql.
Edit: I just wanted to update the context of this. I understand the need to encrypt passwords out of plain text - but I didn't understand why it seemed OK to store plain text password in other YML files.